How to set login Authentication ( Username / Password ) to Apache webserver in Ubuntu ?

If you have allready installed apache webserver on ubuntu using “How to install Apache webserver on Ubuntu ?” , sometimes its good that we need to set the login authentication with username and password to apache so that it can be blocked from open access. This post briefs about the same.

$ sudo apt install apache2-utils
$ sudo htpasswd -c /etc/apache2/.htpasswd testuser
New password: 
Re-type new password: 
Adding password for user testuser

We set the password to “test123$5”, you can check if the username and password is created using below command,

$ cat /etc/apache2/.htpasswd

this shows that, we created “testuser” and next string is encrypted password.

Now, Add following lines to /etc/apache2/sites-enabled/000-default.conf, this will set the login username, password to complete directory “/var/www/html/” , you may decide to change it to any other directory inside “/var/www/html/”

<Directory "/var/www/html/">
   AuthType Basic
   AuthName "Restricted Content"
   AuthUserFile /etc/apache2/.htpasswd
   Require valid-user
$ vim /etc/apache2/sites-enabled/000-default.conf 
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

       <Directory "/var/www/html/">
           AuthType Basic
           AuthName "Restricted Content"
           AuthUserFile /etc/apache2/.htpasswd
           Require valid-user


Now, restart apache webserver and check if you have login, password enabled as,

$ sudo systemctl restart apache2
$ sudo systemctl status apache2

Now, visit http://localhost and it should ask username & password.


Subscribe with Valid Email Id to receive updates in Inbox. ( Secured by Google FeedBurner )


Leave a Comment

Android Android Build system Android Commands Android Java Applications Application Libraries Application Stack / User Interface Bash / Shell Scripts Bluetooth driver Cloud Technologies Commands and Packages Compilation Content Management System Core Kernel C Programs Development & Build Development, Debugging and Performance Tools Development Environment Setup Django & REST Api Errors & Failures Git Hardware Platforms HTML JAVA Programs Linux, OS Concepts and Networking Linux Device Drivers Linux Host, Ubuntu, SysAdmin Linux Kernel Linux Networking Middleware Libraries, HAL Multimedia Audio, Video, Images NDK / Middleware / HAL OS Concepts PHP Programming Languages Scripting and Automation Search Engine Optimisation ( SEO ) Social Media Source Code Management ( SCM ) System Administration, Security Testing and Debugging Uncategorized Web design and development Website Hosting Wordpress Yocto / Bitbake / Openembedded